Cracking a TrueCrypt Container

This week i tried to open an old TrueCrypt container. It turned out that i had forgotten the password. So I endeavored into the realm cracking the TrueCrypt container. Here are my experiences

The problem
I have a TrueCrypt container in which i hold my personal documents. The container is created with TrueCrypt 6.1a. Since i haven't been using the documents for a while, the password slipped from my mind. I a moment of desperation I tried to crack the password.

The preparation
To automate the process, I used the true.crypt.brute tool in version 1.9b. It is a very straightforward tool to use, but it has one drawback - it tries to crack based only on a pregenerated wordlist. That means that you need to generate your possible passwords list and let it rip.
First, i created a simple encrypted volume with a 2 character password to check the software.

It went through 819 passwords within 45 seconds and decrypted the password. This would mean that the brute force crack would run through around 64800 passwords per hour.

For a wordlist generator I used the old but excellent WG

Fist attempt and disappointment
If the password was in the interval between 2 and 4 characters and it contained only uppercase and lowercase alphabet and numbers, that means that you have 6,377,500 passwords to go through. The worst case scenario for a 4 character password is a bruteforce crack of 98 hours (4 days)

But, there is no 4 character password in a serious TrueCrypt container - especially mine.

Second attempt and disappointment
As luck was on my side, I was fairly certain of what the password was, only i couldn't tell which uppercase/lowercase letters i used and which numbers i added.
So i created a custom wordlist which included only the 13 letters contained in my password, and i set the password size between 16 and 18. I stopped the password generation at 33 million passwords. If i should run only those passwords, it would take me 21 days to go through them - and that's not a complete list!!!

A final attempt
As a final scenario i prepended the first part of the password - to which i was certain and left only 7 letters and 10 numbers to be padded. I distributed the workload on 4 machines, i cracked the password in 4 days.

The generic brute force attack on any target, including a TrueCrypt volume is extremely difficult to achieve since the time needed to try the passwords is very long. The only logical approach is to perform the 'due dilligence' of knowing the partial password before attacking the TrueCrypt volume.

Talkback and comments are most welcome

Related posts
Creating secure CD/DVD media for transport usingTruecrypt
TrueCrypt Full Disk Encryption Review
Tutorial - A Poor Man's Secure USB


Willem Kossen said...

Good to know that Truecrypt is pretty secure if the password is long enough. I have been using this application for years now.

Great post!

Anonymous said...

Hi, can you reveal where can I get true.crypt.brute tool? My friend uses 3 character pass. I told him that is unsafe pass, but he claim that isnt importatant. I want to show him how easy is crack such pass.

david and mary grace said...

The latest version, 1.9b, can be found at

bewegaleri said...

i really looking for this article. thanks for sharing

Anonymous said...

Hah. I wonder how many years it would take to crack mine.

Anonymous said...

I've been looking for something like the brute force crack. But I'm not a programmer and do not have any clue how to use the password generator. Additonally, I don't just have characters, I have phrases that I need included.

Rusli Zainal Sang Visioner said...

Nice share... and dropping ECRusli Zainal Sang Visioner

Anonymous said...

You mentioned using WB to create you passphrase list. Is there other program for creating a list based on permutations of a know passphrase that's 30 or more characters in length? Specifically during container creation a user's passphrase is typed incorrectly (but the same) two or three times. It should be 'X' but is in fact something similar, probably involving swapped characters, or such.

Is there a passphrase creation tool that will create possible permutations of the know phrase in a logical fashion, putting simple errors at the top of the list & more extensive variations further down?


Bozidar Spirovski said...

For a computer there are no 'more logical' or 'less logical' permutations of a string of characters. The 'logic' of common errors exists only in the realm of human languages. So your wished program should identify which language it is, then attempt to identify the possible words used in the password and suggest the correct way of typing the password based on a database of common typing errors in that language. Seems like using office auto-correct suggestions to create a password list! Simply answered, a great idea for a hacking product, but i am not aware of such program existing. And KUDOS to whoever writes it!

Anonymous said...

I'm sorry but I have to question your results. You would need to have a blazing-fast computer to be able to process 18 pw/sec using this tool. I just tried it on a reasonably fast Core 2 Duo and it ran at just under 3 pw/sec.

Tyler Lawrence said...

Okay, I am as careless as several of the other bloggers. I created a password for a TrueCrypt that I can no longer remember. However, my passwords are usually a combination of the same 6-8 words. Does anyone know of a word or password generator that will create a list of all the possible combinations of words to use with the true.crypt.brute tool. Thanks.

Anonymous said...

Great post, thanks alot.

fuji said...

How we use multiple computer to crack it..? any tutorial on that..?

Anonymous said...

I can't possibly thank you enough for providing this true.crypt.brute tool. I looked everywhere for a truecrypt cracking tool and only found a real solution with your post here. I wasn't able to use the wordlist generator you mentioned, but I found a solution elsewhere. Within 10 minutes it was able to uncover the unique password I had forgotten which opened me to 11GB of very important data that I had thought I'd lost forever after countless attempts to gain access to it. I'm not a lucky guy in most cases, but this certainly made my day/week/month. BTW, on my core2duo 2ghz laptop, the tool was only able to manage about 2 pass attempts per second.. not nearly as fast as what you claimed here. Not that I am complaining!

Miguel Febres said...

Another fast solution is TrueCrypt Self Bruteforce

syslogd said...

great wordlist generator, very fast

works on xp vista and 7

cya =]

Bubba Ray said...

If you can't remember any of your password and you created a rather long one, here's an idea of how long a crack would take:

Try 16 characters with upper/lower case with numbers and symbols.

You'd darn well better write that password down! said...

"It went through 819 passwords within 45 seconds and decrypted the password." what is the average length of passwords tested?
However it is very very slow.
Try Truecrack a bruteforce tool, for truecrypt volumes, optimazed with nvidia cuda architecture and based on truecrypt. It take about 30 seconds to make a dictionary attack of 10,000 words with average length of word: 10 characters.
It is under development, you can get it at:

Josh Robertson said...

Tried that Haystack password thing ( My password would take 16.50 trillion centuries to crack in an "Online Attack Scenario". XD

Anonymous said...

Does this work on volumes that use key files in addition to passwords? I have a few volumes that use numerous key files in addition to strong passwords and I'd like to get a sense of how strong this really is?

Anonymous said...

cracking tutorial on youtube said...

good bring in your apple iphone! The program has a score of in are truly mad about playing PSP games on your nice.

Designed by Posicionamiento Web